[Opendnssec-user] key_data_update() failed

(Berry) A.W. van Halderen berry at nlnetlabs.nl
Thu Feb 18 08:54:47 UTC 2021

On Tue, Feb 09, 2021 at 01:43:09PM -0800, Randy Bush via Opendnssec-user wrote:
> opendnssec version 2.1.7
> softhsm 1.3.8
> Feb  8 20:07:33 rap ods-enforcerd[676]: [enforcer] update: key_data_update() failed
> goog gives no hits for key_data_update() failed

I've had one report earlier, but that one was somewhat uncertain.  Now
with your report and from Roman Serbski there seems to be more of a

The message itself is too technical IMO, and should not be logged this
way, as many others are.  Instead there should have been a message
that a key transaction could not be completed because the change could
not be persisted into the database, and will be tried again.

Technically an update query to the database failed, or did not change
anything in the database as would have been expected.  It's hard to
speculate why, because there should not be any valid reason for this.

- No narrow down my research, is this based on a MySQL database?
- Does the problem persist, i.e. does this message keep or appearing?
- This can be explicitly tested using the command "ods-enforcer enforce".
- Does the problem persist even after a restart of the enforcer
  "ods-enforcer stop ; ods-enforcer start"?
- How many zones does the enforcer handle?
- Are there any other log messages which might help me?

There should be no problem if the problem does not persist, as the
transaction should be retried, but again, it should not happen in
any circumstance, apart from actually stopping the database.


P.S.: The imminent 2.1.8 release with a fix to purging of the keys,
cannot be related to this issue.

More information about the Opendnssec-user mailing list